Secure Swarm Attestation and Recovery Scheme for IoT Devices
CSTR:
Author:
  • Article
  • | |
  • Metrics
  • |
  • Reference [23]
  • |
  • Related [20]
  • | | |
  • Comments
    Abstract:

    Owing to the lack of security mechanisms for Internet of Things (IoT) devices, the IoT environment faces serious security challenges. However, remote attestation can identify the authenticity and integrity of devices and can also establish trust in IoT devices through a remote mode. Swarm attestation is an extension of remote attestation technology, which can be applied to swarm composed of a large number of devices. Compared with the traditional remote attestation, the swarm attestation liberates the verifier and improves verification efficiency. At present, the swarm attestation is mainly used for static networks, and there is no efficient recovery mechanism for compromised devices. To solve these problems, this study proposes a secure swarm attestation and recovery scheme based on reputation mechanism and Merkle tree. Firstly, we use the reputation mechanism to achieve a many-to-one attestation scheme, which can effectively solve the single point of failure and also trigger the attestation from the device. In addition, the attestation scheme is suitable for semi-dynamic networks. Secondly, we introduce the Merkle tree for measurement, which can quickly and accurately identify the code blocks compromised by malicious software and efficiently recover them. Finally, the security analysis and performance evaluation of the swarm attestation scheme are presented. The results show that the swarm attestation in this study improves the security, and its performance overhead is acceptable.

    Reference
    [1] Frontera S, Lazzeretti R. Bloom filter based collective remote attestation for dynamic networks. The 16th International Conference on Availability, Reliability and Security. Vienna: ACM, 2021. 80.
    [2] Neshenko N, Bou-Harb E, Crichigno J, et al. Demystifying IoT security: An exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations. IEEE Communications Surveys & Tutorials, 2019, 21(3): 2702–2733
    [3] Griffioen H, Doerr C. Examining Mirai’s battle over the Internet of Things. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2020. 743–756.
    [4] Ibrahim A. Securing embedded networks through secure collective attestation. Proceedings of the 2018 Workshop on MobiSys 2018 Ph.D. Forum. Munich: ACM, 2018. 1–2.
    [5] Seshadri A, Luk M, Perrig A. SAKE: Software attestation for key establishment in sensor networks. 4th IEEE International Conference on Distributed Computing in Sensor Systems. Berlin: Springer, 2008. 372–385.
    [6] Li YL, McCune JM, Perrig A. VIPER: Verifying the integrity of peripherals’ firmware. Proceedings of the 18th ACM Conference on Computer and Communications Security. Chicago: ACM, 2011. 3–16.
    [7] McCune JM, Li YL, Qu N, et al. TrustVisor: Efficient TCB reduction and attestation. Proceedings of the 2010 IEEE Symposium on Security and Privacy. Oakland: IEEE, 2010. 143–158.
    [8] McCune JM, Parno BJ, Perrig A, et al. Flicker: An execution infrastructure for TCB minimization. ACM SIGOPS Operating Systems Review, 2008, 42(4): 315–328. [doi: 10.1145/1357010.1352625
    [9] Koeberl P, Schulz S, Sadeghi AR, et al. TrustLite: A security architecture for tiny embedded devices. Proceedings of the 9th European Conference on Computer Systems. Amsterdam: ACM, 2014. 10.
    [10] Brasser F, El Mahjoub B, Sadeghi AR, et al. TyTAN: Tiny trust anchor for tiny devices. Proceedings of the 52nd ACM/EDAC/IEEE Design Automation Conference. San Francisco: IEEE, 2015. 1–6.
    [11] Kuang BY, Fu AM, Yu S, et al. ESDRA: An efficient and secure distributed remote attestation scheme for IoT swarms. IEEE Internet of Things Journal, 2019, 6(5): 8372–8383. [doi: 10.1109/JIOT.2019.2917223
    [12] Ibrahim A, Sadeghi AR, Tsudik G. HEALED: Healing & attestation for low-end embedded devices. 23rd International Conference on Financial Cryptography and Data Security. Cham: Springer, 2019. 627–645.
    [13] Asokan N, Brasser F, Ibrahim A, et al. SEDA: Scalable embedded device attestation. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Denver: ACM, 2015. 964–975.
    [14] Ibrahim A, Sadeghi AR, Zeitouni S. SeED: Secure non-interactive attestation for embedded devices. Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks. Boston: ACM, 2017. 64–74.
    [15] Ambrosin M, Conti M, Lazzeretti R, et al. Toward secure and efficient attestation for highly dynamic swarms: Poster. Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks. Boston: ACM, 2017. 281–282.
    [16] Kohnhäuser F, Büscher N, Katzenbeisser S. SALAD: Secure and lightweight attestation of highly dynamic and disruptive networks. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. Incheon: ACM, 2018. 329–342.
    [17] Eldefrawy K, Tsudik G, Francillon A, et al. SMART: Secure and minimal architecture for (establishing dynamic) root of trust. Network and Distributed System Security Symposium. San Diego: NDSS, 2012.
    [18] Zhou L, Su CH, Hu Z, et al. Lightweight implementations of NIST P-256 and SM2 ECC on 8-bit resource-constraint embedded device. ACM Transactions on Embedded Computing Systems, 2019, 18(3): 23
    [19] Durairaj M, Muthuramalingam K. Dynamic shifting genetic non-adjacent form elliptic curve Diffie-Hellman key exchange procedure for IoT heterogeneous network. 2nd International Conference on Computing and Communication (IC3). Singapore: Springer, 2019. 489–509.
    [20] 武一, 李家兴, 范书瑞, 等. 基于最佳簇半径的无线传感器网络分簇路由算法. 现代电子技术, 2021, 44(4): 23–26
    [21] Li FF, Yu XZ, Wu G. Design and implementation of high availability distributed system based on multi-level heartbeat protocol. 2009 IITA International Conference on Control, Automation and Systems Engineering. Zhangjiajie: IEEE, 2009. 83–87.
    [22] OpenSim Ltd. OMNeT++ discrete event simulator. http://omnetpp.org/. (2016-10-18).
    [23] 杜变霞, 秦宇, 冯伟, 等. 面向物联网的高效集群证明机制. 计算机系统应用, 2018, 27(10): 22–32. [doi: 10.15888/j.cnki.csa.006626
    Cited by
    Comments
    Comments
    分享到微博
    Submit
Get Citation

林江南,吴秋新,冯伟.面向物联网设备的安全集群证明及修复协议.计算机系统应用,2022,31(9):183-191

Copy
Share
Article Metrics
  • Abstract:645
  • PDF: 1480
  • HTML: 1047
  • Cited by: 0
History
  • Received:December 01,2021
  • Revised:December 29,2021
  • Online: June 28,2022
Article QR Code
You are the first990774Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-3
Address:4# South Fourth Street, Zhongguancun,Haidian, Beijing,Postal Code:100190
Phone:010-62661041 Fax: Email:csa (a) iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063